Senators rip Anthem for 'unacceptable' response to data breach

Leaders of the Senate’s health committee are accusing the insurer Anthem of failing to inform millions of people who may have been affected by a massive data breach.

Committee chairman Lamar AlexanderAndrew (Lamar) Lamar AlexanderMurkowski, Mattis criticism ratchets up pressure on GOP over Trump China stalled reporting genetic information about COVID-19, angering WHO: report Senate GOP chairman criticizes Trump withdrawal from WHO MORE (R-Tenn.) and ranking member Patty MurrayPatricia (Patty) Lynn MurrayCOVID-19 workplace complaints surge; unions rip administration Lack of child care poses major hurdle as businesses reopen Democratic leaders say Trump testing strategy is 'to deny the truth' about lack of supplies MORE (D-Wash.) said Wednesday that 50 million customers who may have been impacted by the cyberattack still have not been informed. 

“The vast majority have not yet been informed,” Alexander wrote in a statement. “This delay is unacceptable and should be corrected immediately.”

ADVERTISEMENT

The senators wrote a letter to Anthem's chief executive Wednesday, which said they are “concerned with your slow pace of notification and outreach thus far.”  

Their efforts to intervene come about a month and a half after the company discovered the cyberattack. The insurer disclosed in late February that the breach had impacted more people than previously believed — including about 70 million current and former customers and employees.

A spokesperson for Anthem defended the company's response to the data breach. Because the company expected a lengthy process to inform all of the impacted customers, it set up a website and a hotline for customers.

"Over the last few days, we have also accelerated our member notification mailings. Approximately 2.4 million letters are mailed daily. We are working continuously to complete that process as soon as possible," the company wrote in a statement. 

The data potentially exposed in the breach included people's Social Security numbers and birthdays, but apparently not credit card numbers.

The senators asked Anthem to "speed up the pace of notifications, and share with our committee what steps you plan to take in the next few days, to dramatically increase the pace of notification,” they wrote. They do not provide a specific deadline for informing the customers, but requested a written update from the company by April 1.

The panel — the Senate Health, Education, Labor and Pensions Committee — also announced an initiative to examine the security of health IT last month.